Writeup Exploits
63,773 exploits tracked across all sources.
Art Gallery Management System Project in PHP 1.0 - SQL Injection via pid Parameter
Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.
CVSS 9.8
Art Gallery Management System Project 1.0 - Reflected Cross-Site Scripting via artname Parameter
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
CVSS 6.1
Art Gallery Management System Project 1.0 - SQL Injection via cid Parameter
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
CVSS 9.8
Art Gallery Management System Project 1.0 - SQL Injection via editid Parameter
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.
CVSS 9.8
IS Decisions UserLock MFA 11.01 - Authentication Bypass via Scheduled Task
IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task.
CVSS 7.2
Garmin ConnectIQ 1.0.0-4.1.7 - Buffer Overflow in GarminOS TVM Component
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
CVSS 9.8
Geomatika IsiGeo Web 6.0 - Authenticated SQL Injection
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.
CVSS 6.5
Geomatika IsiGeo Web 6.0 - Authenticated Remote Command Execution
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.
CVSS 8.8
Geomatika IsiGeo Web 6.0 - Authenticated Local File Inclusion
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.
CVSS 4.9
Discourse < 3.0.1 - Uncontrolled Resource Consumption via Membership Request Reason
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests.
CVSS 3.5
Discourse < 3.0.1 and 3.1.0.beta2 - Unauthorized Sensitive Information Exposure via Tag Topic Count
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to.
In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.
CVSS 4.3
go-unixfsnode < 1.5.2 - Denial of Service via Malformed HAMT Directory Handling
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks.
If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.9
dompdf < 2.0.2 - Arbitrary Object Unserialize via SVG Image Tag Bypass
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.
CVSS 10.0
Git <2.39.2-2.30.8 - Path Traversal
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
CVSS 6.2
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVSS 7.2
Plesk Obsidian <18.0.49 - Host Header Injection
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
CVSS 6.1
Booked Scheduler <2.5.5 - Privilege Escalation
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.
CVSS 4.3
NOSH 4a5cfdb - Stored Cross-Site Scripting via Create User Page
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting.
CVSS 5.4
FuguHub < 8.1 - Remote Code Execution via CMS Docs Component
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
CVSS 8.8
LuCI openwrt-22.03 branch git-22.361.69894-438c598 - Reflected Cross-Site Scripting via /openvpn/pageswitch.htm
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
CVSS 5.4
OpenWrt LuCI 22.03 - Stored Cross-Site Scripting in SSH Keys Management
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
CVSS 5.4
DrayTek Vigor2960 v1.5.1.4 - Command Injection
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.8
rconfig v6.8.0 - Arbitrary File Download via Crafted HTTP Request
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request.
CVSS 6.5
Pandora FMS < 767 - Unauthenticated Unrestricted Upload of File with Dangerous Type via File Manager
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVSS 6.4
NOSH 4a5cfdb - Authenticated Remote Code Execution via Practice Logo Upload
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.
CVSS 8.8
By Source